Found 1512 bookmarks
Custom sorting
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits. Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.
#GTIG#EN#2025#google#2024#Zero-Day#Exploitation#Analysis#report
·cloud.google.com·
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
M-Trends 2025 data is based on more than 450,000 hours of Mandiant Consulting investigations. The metrics are based on investigations of targeted attack activity conducted between Jan. 1, 2024 and Dec. 31, 2024. Key findings in M-Trends 2025 include: 55% of threat groups active in 2024 were financially motivated, which marks a steady increase, and 8% of threat groups were motivated by espionage. Exploits continue to be the most common initial infection vector (33%), and for the first time stolen credentials rose to the second most common in 2024 (16%). The top targeted industries include financial (17.4%), business and professional services (11.1%), high tech (10.6%), government (9.5%), and healthcare (9.3%). Global median dwell time rose to 11 days from 10 days in 2023. Global median dwell time was 26 days when external entities notified, 5 days when adversaries notified (notably in ransomware cases), and 10 days when organizations discovered malicious activity internally. M-Trends 2025 dives deep into the aforementioned infostealer, cloud, and unsecured data repository trends, and several other topics, including: Democratic People's Republic of Korea deploying citizens as remote IT contractors, using false identities to generate revenue and fund national interests. Iran-nexus threat actors ramping up cyber operations in 2024, notably targeting Israeli entities and using a variety of methods to improve intrusion success. Attackers targeting cloud-based stores of centralized authority, such as single sign-on portals, to gain broad access. Increased targeting of Web3 technologies such as cryptocurrencies and blockchains for theft, money laundering, and financing illicit activities.
#Mandiant#2025#trends#M-Trends#Data#statistcs#2024
·cloud.google.com·
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
Rapport menaces et incidents - CERT-FR
Rapport menaces et incidents - CERT-FR
Dans cette quatrième édition du panorama de la menace, l’Agence nationale de la sécurité des systèmes d’information (ANSSI) revient sur les grandes tendances de la menace informatique ainsi que sur les éléments et incidents marquants dont elle a eu connaissance en 2024. Dans la continuité des années précédentes, l’ANSSI estime aujourd’hui que les attaquants liés à l’écosystème cybercriminel ou réputés liés à la Chine et la Russie constituent les trois principales menaces tant pour les systèmes d’information les plus critiques que pour l’écosystème national de manière systémique. L’année 2024 aura également été marquée par l’organisation des Jeux Olympiques et Paralympiques de Paris ainsi que par le nombre et l’impact des vulnérabilités affectant les équipements de sécurité situés en bordure de SI.
#CERT-FR#FR#2025#Rapport#menaces#2024#ANSSI#Paris
·cert.ssi.gouv.fr·
Rapport menaces et incidents - CERT-FR
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News
Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information operation.
#therecord.media#EN#2024#Germany#disinformation#Russia#election
·therecord.media·
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News
Ransomware roundup: 2024 end-of-year report - Comparitech
Ransomware roundup: 2024 end-of-year report - Comparitech
In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.
#comparitech#EN#2025#2024#report#ransomware#confirmed#statistcs
·comparitech.com·
Ransomware roundup: 2024 end-of-year report - Comparitech
Microsoft: macOS bug lets hackers install malicious kernel drivers
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. #Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
#bleepingcomputer#EN#2024#CVE-2024-44243#System#macOS#Apple#Security#Integrity#SIP
·bleepingcomputer.com·
Microsoft: macOS bug lets hackers install malicious kernel drivers
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
We agree - modern security engineering is hard - but none of this is modern. We are discussing vulnerability classes - with no sophisticated trigger mechanisms that fuzzing couldnt find - discovered in the 1990s, that can be trivially discovered via basic fuzzing, SAST (the things product security teams do with real code access). As an industry, should we really be communicating that these vulnerability classes are simply too complex for a multi-billion dollar technology company that builds enterprise-grade, enterprise-priced network security solutions to proactively resolve?
#watchtowr#EN#2024#CVE-2025-0282#analysis#Ivanti#criticism#Connect#Secure
·labs.watchtowr.com·
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
FunkSec – Alleged Top Ransomware Group Powered by AI
FunkSec – Alleged Top Ransomware Group Powered by AI
  • The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to understand their true motivations. Many of the group’s leaked datasets are recycled from previous hacktivism campaigns, raising doubts about the authenticity of their disclosures. Current methods of assessing ransomware group threats often rely on the actors’ own claims, highlighting the need for more objective evaluation techniques.
#checkpoint#EN#2024#FunkSec#analysis#ransomware
·research.checkpoint.com·
FunkSec – Alleged Top Ransomware Group Powered by AI
Il perd 450 francs à cause d'une faille de sécurité des CFF
Il perd 450 francs à cause d'une faille de sécurité des CFF
Découverte d'une faille de sécurité chez CFF et chez CembraPay «Des escrocs ont acheté à mon nom des billets de train pour 450 francs» Lorsque Reto Pfammatter trouve un rappel de paiement dans sa boîte aux lettres, il se pose des questions. Pourquoi doit-il payer plus de 450 francs pour des billets CFF… qu'il n'a jamais achetés! Le Suisse s'est fait usurper son identité avec une arnaque simple.
#blick#FR#Suisse#2024#faille#cembra#CFF#arnaque
·blick.ch·
Il perd 450 francs à cause d'une faille de sécurité des CFF
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
#unit42#EN#2024#LLM#Jailbreak#Likert
·unit42.paloaltonetworks.com·
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
What We Know About CVE-2024-49112 and CVE-2024-49113
What We Know About CVE-2024-49112 and CVE-2024-49113
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
#trendmicro#EN#2024#CVE-2024-49112#CVE-2024-49113#LDAPNightmare#Microsoft#LDAP#RCE
·trendmicro.com·
What We Know About CVE-2024-49112 and CVE-2024-49113
DoubleClickjacking: A New Era of UI Redressing
DoubleClickjacking: A New Era of UI Redressing
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication.
#paulosyibelo#EN#2024#DoubleClickjacking#analysis#technique
·paulosyibelo.com·
DoubleClickjacking: A New Era of UI Redressing
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan's two airports, putting them out of action temporarily, the country's cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy's "Russophobes get a well deserved cyber response".
#reuters#EN#2024#Noname057(16)#Italy#DDoS
·reuters.com·
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group